In emails from external email addresses to University email addresses, Proofpoint rewrites suspicious hyperlinks to clarify where links are actually directed. When recipients click a rewritten link, they are redirected to Proofpoint, which evaluates the security of the linked site. If Proofpoint determines it to be safe, recipients are redirected automatically to the linked site. Users may notice a 1-2 second delay for the webpage to load as Proofpoint scans it first. If Proofpoint determines the site to be malicious, recipients are notified that the site has been blocked.

What's phishing?

Phishing is an Internet scam where scam artists send official-looking emails to people, attempting to fool them into disclosing their personal information. They can pretend to be from a legitimate bank, organization, government agency or store, or claim to be the host of a lottery or contest. Some even imitate the University Helpdesk. They try to get victims to reveal personal information such as user names and passwords, banking records or account numbers, or social security numbers by replying to the email or entering it on a phony web site. Phishing is dangerous because it can easily result in credit card fraud or identity theft.

How do people fall for that?

Phishers are tricky. They use upsetting or exciting (but false) statements in order to elicit an immediate response from users. This is how they reel people in. Phishing occurs more often than you might think. According to Dr. Dobbs, 500 million phishing emails are sent delivered every day!

Avoid getting hooked by phishers

Now that you know phishers' motives and methods, follow these basic security precautions in order to avoid becoming a victim.

Be on the lookout for suspicious emails. Legitimate, responsible companies will never solicit personal information over email. Never reveal personal or financial information in a response to an email request, no matter who appears to have sent it.

Don't click on links or attachments contained in emails. Instead, visit the mentioned web site directly by using a search engine to locate the real site. If the web address found through the search engine and the address in the email do not match up, the email is most likely a phishing attempt or spam and should be deleted.

Set up a spam filter. A spam filter can greatly reduce the amount of phishing emails you receive. The University offers a free spam management system, Sophos PureMessage.

If you are still tempted to click, pick up the phone instead. If the message looks real and you are really tempted to respond, instead look up the phone number of the company and call them. Do not use any phone number in the email as it could be fake. Ask if the message was actually sent by the company and if you can take care of any issues over the phone instead.

What should I do if I think something phishy's going on?

Act immediately if you think you've been hooked by a phisher. If you've given personal information to a phisher, notify the companies who manage your compromised accounts right away. For information on how to put a "fraud alert" on your files at credit bureaus, contact the Federal Trade Commission's ID Theft Clearinghouse at www.consumer.gov/idtheft or 1-877-438-4338. If you have given up your password, change it immediately.

Report phishing, whether you have become a victim or not. Tell the legitimate company that a phisher was impersonating. Also report the problem to the National Fraud Information Center and Internet Fraud Watch at www.fraud.org or 1-800-876-7060. Your report can prevent other people from becoming victims.

Examples of phishing email

Example #1: The email advertises exciting new features for University of Rochester users and tries to get you to visit a link to login. It includes the main UR mailing address in an attempt to appear more authentic.

Example #2: The email appears to be a receipt from the popular e-tailer Amazon.com. It looks official and tries to get you to click to review a purchase that you certainly didn't make. If you mouse over any of the links though, you will see that none of them point to the official amazon.com web site. If you are concerned, find Amazon's phone number and call them or inquire with an official Amazon email address as found on their Help web site - do not click the link.

Example #3: The email impersonates the University of Rochester Helpdesk. It includes a UR image and mailing address and appears to be sent from an email address similar to the official Helpdesk email in an attempt to appear more authentic. The link is clearly not to a University of Rochester server, however. When in doubt, call the real University IT Helpdesk at 585-275-2000 to inquire if the message was real.